Compliance Rule

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Overview

(1) To maintain and support the University's commitment to a high standard and quality experience for our students, and an ethical and secure workplace for our staff, a commitment to compliance with all applicable laws, regulations, standards and internal rules and policies is essential. The University's approach to compliance management is shaped by the values and objectives within our strategic plan, and is implemented via an enterprise-wide compliance management system (CMS) which assists in promoting a culture within the University that values compliance, enables efficient processes and practices, avoids duplication of effort, and is continually evolving and improving.

(2) The purpose of this Rule is to ensure the University's business is conducted in accordance with its compliance requirements and commitments, and managed in a uniform way within the CMS. The CMS is based on the principles in Australian Standard AS ISO 19600:2015 Compliance management systems — Guidelines.

(3) The CMS is facilitated by the University's purpose built online tool, the Compliance Register System (CRS). The CRS is the tool relied upon to inform, record, manage and report upon the University's compliance obligations.

Section 2 - Scope

Section 3 - Rule

(5) Australian Standard AS ISO 19600:2015 provides principles for the development, implementation, evaluation and maintenance of an effective and responsive CMS. These principles are adopted by the University and underpin the design of the CRS.

Principles

(6) Understand the environment the University operates in. The CMS is contextualised to reflect both the external environment and the internal issues that affect the operation of the University. This includes:

Establishing the scope of the CMS and ensuring it reflects the University's mission, vision, values and its strategic priorities and principles of good governance.

Building processes to identify new and changed compliance requirements and commitments.

(7) Effective leadership and support of the CMS: The Council and senior executive provide support and demonstrate leadership and commitment to the CMS by:

Establishing and upholding the University's values, and setting the right tone from the top.

Ensuring the CMS is consistent with the University's mission, vision, values and strategic priorities.

Providing the resources needed for the establishment, development, implementation, evaluation, maintenance and continual improvement of the CMS.

Assigning responsibilities and authority for relevant roles.

Regularly communicating the value of the CMS to stakeholders.

(8) Effective management and controls to meet compliance obligations: The University plans, implements and controls the processes needed to meet compliance obligations, and to implement the actions to address compliance risks. This includes:

Putting in place effective controls to ensure that the University's compliance obligations are met and that non-compliance is prevented or detected and corrected.

Ensuring due diligence around the outsourcing of processes to ensure adherence to expected levels of behaviour.

When non-compliance occurs, the University takes action to control and correct it, and/or manage the consequences. This includes a clear and timely escalation process to ensure all relevant non-compliances are raised, reported and escalated to relevant management, and the compliance function is informed and able to support the escalation

The University seeks to continually improve the suitability, adequacy and effectiveness of the CMS.

Identifying opportunities for improvement of the compliance performance of the University.

(10) Performance is monitored, evaluated and reported upon. The CMS will be monitored to ensure it is effective, current, and can identify instances where non-compliance has occurred. Compliance indicators and reporting will be established to help with this aspect. This includes:

Establishing a plan for continual monitoring, setting out monitoring processes, schedules, resources and the information to be collected.

Conducting audits at least at planned intervals to provide information on whether the compliance management system is meeting its objective.

(11) The University plans to ensure the CMS can achieve its intended outcome. Planning includes:

Actions to address risks of non-compliance.

Establishing compliance objectives.

Preventing, detecting and reducing undesired effects of the CMS.

Achieving continual improvement in the CMS.

What UNE Representatives must do under this Rule

(12) The UNE Council is committed to an effective CMS, maintaining an effective management capability, and ensuring all compliance risks associated with the University objectives are effectively managed.

(13) All UNE Representatives are responsible for behaving in a manner that creates and supports compliance, and ensuring their activities on behalf of the University comply will all applicable laws, regulations and University rules and policies.

(14) All UNE Representatives have a responsibility to undertake their duties in accordance with the CMS.

(15) The Vice-Chancellor and Chief Executive Officer is responsible for developing and implementing an effective CMS; and is accountable for the regular review of the adequacy and performance of the CMS in managing compliance, and reporting of any significant compliance breaches.

(16) The Vice-Chancellor and Chief Executive Officer is responsible for ensuring appropriate resources are allocated to develop, implement, maintain and improve the CMS.

(17) Senior Executive is responsible for the effective management of, and compliance with, all applicable University obligations, and ensuring all breaches are reported and appropriately managed.

(18) Managers have a duty to uphold and monitor compliance within their areas of responsibility, and to ensure that employees who report to them receive necessary training and instructions to enable them to fulfil their compliance obligations.

(19) The controls and compliance processes the University puts in place will be proportionate to the level of risk that the University faces in relations to a particular compliance obligation.

Authorisation and Compliance

(20) The UNE Council, pursuant to Section 29 of the University of New England Act, makes this University Rule.

(21) University Representatives must observe it in relation to University matters.

(22) The Rule Administrator is authorised to make procedures and guidelines for the operation of this University Rule. The procedures and guidelines must be compatible with the provisions of this Rule.

(23) This Rule operates as and from the Effective Date.

(24) The previous Rule and associated Compliance Management Framework and Procedures and related documents, are replaced. They have no further operation from the Effective Date of this new Rule.

(25) Notwithstanding the other provisions of this University Rule, Council may approve an exception to this Rule where it is determined that the application of the Rule would otherwise lead to an unfair, unreasonable or absurd outcome. Approvals by Council under this clause must be documented in writing and must state the reason for the exception.

(26) All UNE Representatives must comply with this Rule. A failure to comply with this Rule may amount to misconduct/serious misconduct and/or unsatisfactory performance.

Section 4 - Definitions

(28) Compliance commitment - means a requirement that the University chooses to comply with This includes: University rules and policies; principles or codes of practice; contractual obligations; agreements; environmental commitments; industry standards; etc

(29) Compliance management system (CMS) - the set of interacting elements established to achieve all the University's compliance obligations.

(31) Compliance register system - is a component of the CMS, and the University specific tool relied upon to inform, record, manage and report upon the University's compliance obligations.

(32) Compliance Requirements - means a requirement that the University has to comply with. This includes: laws and regulations; permits and licences; regulator guidance; court judgements; treaties and conventions; etc

(33) Managers - A person responsible for controlling or administering a group of employees.

(36) UNE Representative - means a University employee (casual, fixed term and permanent), contractor, agent, appointee, UNE Council member and any other person engaged by the University to undertake some activity for or on behalf of the University. In includes corporations and other bodies falling into one or more of these categories.